{ config, lib, pkgs, inputs, ... }:

{
  # Modules merged into this host: the hardware profile that sits next to this
  # file, and the `users.aya` module exported by this flake. The flake path is
  # written out in full so the origin of the module is visible at the use site.
  imports = [
    ./hardware-configuration.nix
    inputs.self.modules.users.aya
  ];

  # Desktop role for this host. `roles.*` is not declared in this file;
  # presumably it comes from a module elsewhere in the flake.
  roles.desktop = "gnome";

  # mkForce makes this value win over any other module's definition, so
  # automatic store garbage collection stays disabled on this machine.
  nix.gc.automatic = lib.mkForce false;

  # GRUB is installed to /dev/sda and the menu is shown for two seconds.
  # NOTE(review): no GRUB password is configured in this file, so the boot
  # entry can be edited from the console during the timeout. Whether that
  # matters depends on physical-access assumptions and on disk encryption,
  # neither of which is visible here.
  # NOTE(review): /dev/sda is a kernel enumeration name and can move between
  # boots; a /dev/disk/by-id path is the stable way to name the install target.
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/sda";
  boot.loader.timeout = 2;

  # Kernel pinned to the 6.6 series. Kernel security fixes reach this host only
  # through nixpkgs updates of this package set, and the pin has to be moved by
  # hand once nixpkgs drops the series.
  boot.kernelPackages = pkgs.linuxPackages_6_6;

  # Use the native backlight driver and make s2idle the default suspend mode.
  boot.kernelParams = [
    "acpi_backlight=native"
    "mem_sleep_default=s2idle"
  ];

  # State kept under /system/persist; paths not listed here are not persisted
  # by this block.
  environment.persistence."/system/persist" = {
    directories = [
      # Saved NetworkManager configuration (presumably connection profiles,
      # which can include Wi-Fi credentials).
      "/etc/NetworkManager"
      # sudo's own state directory.
      "/var/db/sudo"
      # All service state. This is broad: every daemon's data directory
      # survives a reboot, including any key material stored there.
      "/var/lib"
      # Logs are kept across reboots, which is what makes after-the-fact
      # incident review possible on a host with a volatile root.
      "/var/log"
    ];

    files = [
      "/etc/machine-id"
      {
        # root's SSH private key. The same key is listed in age.identityPaths
        # in this file, so whoever can read it can decrypt every agenix secret
        # encrypted to this host.
        # NOTE(review): only the parent directory's mode is set here (0700);
        # the key file's own mode is not managed by this entry. Confirm it is
        # 0600 on disk.
        file = "/root/.ssh/id_ed25519";
        parentDirectory.mode = "0700";
        parentDirectory.defaultPerms.mode = "0700";
      }
    ];
  };

  # Only mount options are set here; devices and fsType are not defined in this
  # file (presumably they come from hardware-configuration.nix).
  # "size="/"mode=" look like tmpfs options and "compress=zstd" like btrfs;
  # confirm against the hardware profile.
  fileSystems."/".options = [ "size=256M" "mode=755" ];
  fileSystems."/home".options = [ "compress=zstd" ];
  fileSystems."/nix".options = [ "compress=zstd" "noatime" ];

  # /system holds the persisted state and the age identity key, so it has to be
  # mounted in the early boot stage, before activation needs those files.
  fileSystems."/system".neededForBoot = true;
  fileSystems."/system".options = [ "compress=zstd" ];

  # agenix decrypts with root's SSH key, read straight from the persisted
  # location rather than from /root/.ssh.
  # NOTE(review): presumably because secrets are decrypted before the
  # persistence bind mounts exist; confirm.
  # This single key unlocks every secret below, so it needs the same protection
  # as the secrets themselves.
  age.identityPaths = [ "/system/persist/root/.ssh/id_ed25519" ];

  # Encrypted inputs for the WireGuard private key and the preshared key used
  # with the peer "yama". Only the ciphertext files are referenced here; the
  # decrypted paths are read via config.age.secrets.<name>.path.
  age.secrets.makai-wg0.file = inputs.self.modules.secrets.makai-wg0;
  age.secrets.yama-wg0-makai.file = inputs.self.modules.secrets.yama-wg0-makai;

  networking.hostName = "makai";
  networking.networkmanager.enable = true;

  # WireGuard tunnel wg0: this host is 10.0.0.2 in 10.0.0.0/24.
  # NOTE(review): no firewall rule for the listen port is defined in this file.
  # That is fine while this host initiates the handshake; confirm if the peer
  # is ever expected to initiate.
  networking.wireguard.interfaces.wg0 = {
    ips = [ "10.0.0.2/24" ];
    listenPort = 51820;
    # The private key never appears in the Nix store; it is read at runtime
    # from the path agenix decrypts to.
    privateKeyFile = config.age.secrets.makai-wg0.path;

    peers = [
      {
        # yama
        # The public key is not secret. The preshared key is, and is supplied
        # through agenix like the private key.
        publicKey = "Tan9IHvGvzeHFBSg3ZnhqNuJFYtAB+hfybbh9SPWRwk=";
        presharedKeyFile = config.age.secrets.yama-wg0-makai.path;

        # The endpoint is a dynamic-DNS name, re-resolved every 10 seconds.
        # A wrong DNS answer can stall the tunnel but cannot impersonate the
        # peer, which is authenticated by its public key and the preshared key.
        endpoint = "notbad.dynv6.net:51820";
        dynamicEndpointRefreshSeconds = 10;

        # Only the peer's own tunnel address is routed to and accepted from it.
        allowedIPs = [ "10.0.0.1/32" ];
      }
    ];
  };

  # Select the i965 VA-API driver for user sessions.
  environment.sessionVariables.LIBVA_DRIVER_NAME = "i965";

  # Periodic btrfs scrub of /system is currently disabled:
  # services.btrfs.autoScrub = {
  #   enable = true;
  #   fileSystems = [ "/system" ];
  # };

  # dnsmasq with no settings given in this file.
  # NOTE(review): nothing here restricts which interfaces it listens on, so
  # whether it is reachable over wg0 or the Yggdrasil interface depends on the
  # firewall, which is not configured in this file. If it is only meant to
  # serve local queries, restrict it to loopback (dnsmasq's listen-address /
  # bind-interfaces settings).
  services.dnsmasq.enable = true;

  # Closing the lid suspends first and hibernates later (see systemd.sleep).
  services.logind.lidSwitch = "suspend-then-hibernate";

  # Yggdrasil with no settings given in this file.
  # NOTE(review): this puts the host on an overlay network with its own
  # routable IPv6 address, so any service bound to all interfaces is exposed
  # there unless the firewall filters it. Confirm the firewall is enabled and
  # covers the Yggdrasil interface.
  services.yggdrasil.enable = true;

  # Suspend uses the "freeze" state; with suspend-then-hibernate the machine
  # hibernates after 20 minutes of suspend.
  # NOTE(review): a hibernation image is a copy of RAM written to swap, so it
  # contains whatever is in memory at the time (decrypted secrets, session
  # keys). No disk swap is defined in this file; confirm that the swap device
  # used for hibernation is encrypted.
  systemd.sleep.extraConfig = ''
    SuspendState=freeze
    HibernateDelaySec=20m
  '';

  # Compressed swap held in RAM. It cannot hold a hibernation image, so the
  # hibernate step relies on a separate swap device defined outside this file.
  zramSwap.enable = true;
}
